Cicis Pizza Suffers Payment Card Breach at 130+ Locations

Cicis Pizza, a casual fast food restaurant chain, has acknowledged it suffered a payment card breach at more than 130 locations.

On July 19, the restaurant chain informed its customers of the breach:

“Cicis values its customers and respects the privacy of your information. As a precautionary measure, we want to inform you that your personal information may have been compromised as a result of a data breach that impacted certain of Cicis restaurant locations. Cicis regrets any inconvenience this may have caused.”

According to a data breach notice, the fast food chain’s point-of-sale (POS) vendor launched an investigation after receiving reports of malfunctioning POS systems at several Cicis Pizza restaurant locations. Investigators ultimately found that an attacker had planted POS malware at some locations.

Cicis subsequently hired a security firm to conduct a forensic analysis of what information the attackers might have compromised. The firm found hackers might have stolen some customers’ payment card information.

For a full list of all Cicis restaurants affected by the incident, please click here (PDF).

The restaurant chain is actively working with law enforcement to respond to the breach. As it explains in its statement:

“As part of our response to this incident, we have notified law enforcement and the state agencies as required by the laws of the jurisdictions in which our restaurants are located, and we will continue to assist with their investigation. The payment card networks have also been informed so that they can coordinate with card issuing banks to monitor for fraudulent activity on cards used during the timeframe in which cards may have been compromised. Cicis continues to monitor and upgrade our systems to keep your information as secure as possible.”

Cicis Pizza customers should review their credit card statements for unusual activity. If they spot a transaction they don’t recognize, they should consider ordering a credit report from one of the three credit bureaus, placing a fraud alert on their credit report, and/or requesting a security freeze on their credit file.